[Samba] kinit works, net join ads fails - Samba

This is a discussion on [Samba] kinit works, net join ads fails - Samba ; I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see the ticket via klist, but am unable to join the domain. /usr/sfw/sbin/net -d 5 ads join -U user@DOMAIN.LOCA L gives the following error... [2007/08/29 15:49:24, 3] libsmb/clikrb5.c ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] kinit works, net join ads fails

  1. [Samba] kinit works, net join ads fails

    I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see
    the ticket via klist, but am unable to join the domain.

    /usr/sfw/sbin/net -d 5 ads join -U user@DOMAIN.LOCAL

    gives the following error...

    [2007/08/29 15:49:24, 3] libsmb/clikrb5.c593)
    ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
    file found)
    [2007/08/29 15:49:24, 0] libads/kerberos.c228)
    kerberos_kinit_password user@DOMAIN.LOCAL failed: Preauthentication failed
    [2007/08/29 15:49:24, 1] utils/net_ads.c1470)
    error on ads_startup: Preauthentication failed
    Failed to join domain: Logon failure
    [2007/08/29 15:49:24, 2] utils/net.c1032)

    I have synced the time on the Samba box with my domain controller. Any
    thoughts on what is wrong?

    --
    Pete
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. RE: [Samba] kinit works, net join ads fails

    I actually had this happen to me not too long ago with Samba 3.0.25c. My
    problem was that I didn't set the ADS mode properly. You're always warned to
    set workgroup equal to the the pre-windows2000 domain name.

    So, just a few things to check:

    1.) Typo's in the realm name.
    2.) Typo's in the krb5.conf file (I use heimdal)
    3.) Try running the net ads join with the administrator account (if you're
    using another account).
    4.) Checking the the AD server to make sure that you don't have an old
    machine account for the Samba machine.

    Hope that helps.

    Theodore Charles III
    Network Administrator
    Los Angeles Senior High (www.lahigh.org)


    >From: "Peter Baumgartner"
    >To: samba@lists.samba.org
    >Subject: [Samba] kinit works, net join ads fails
    >Date: Wed, 29 Aug 2007 15:55:28 -0600
    >
    >I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see
    >the ticket via klist, but am unable to join the domain.
    >
    >/usr/sfw/sbin/net -d 5 ads join -U user@DOMAIN.LOCAL
    >
    >gives the following error...
    >
    >[2007/08/29 15:49:24, 3] libsmb/clikrb5.c593)
    > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
    >file found)
    >[2007/08/29 15:49:24, 0] libads/kerberos.c228)
    > kerberos_kinit_password user@DOMAIN.LOCAL failed: Preauthentication
    >failed
    >[2007/08/29 15:49:24, 1] utils/net_ads.c1470)
    > error on ads_startup: Preauthentication failed
    >Failed to join domain: Logon failure
    >[2007/08/29 15:49:24, 2] utils/net.c1032)
    >
    >I have synced the time on the Samba box with my domain controller. Any
    >thoughts on what is wrong?
    >
    >--
    >Pete
    >--
    >To unsubscribe from this list go to the following URL and read the
    >instructions: https://lists.samba.org/mailman/listinfo/samba


    __________________________________________________ _______________
    Get a FREE small business Web site and more from Microsoft® Office Live!
    http://clk.atdmt.com/MRT/go/aub0930003811mrt/direct/01/

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] kinit works, net join ads fails

    >I running 3.0.25c on OpenSolaris. I can succesfully do a kinit and see
    >the ticket via klist, but am unable to join the domain.
    >
    >/usr/sfw/sbin/net -d 5 ads join -U user@DOMAIN.LOCAL
    >
    >gives the following error...
    >
    >[2007/08/29 15:49:24, 3] libsmb/clikrb5.c593)
    > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
    >file found)
    >[2007/08/29 15:49:24, 0] libads/kerberos.c228)
    > kerberos_kinit_password user@DOMAIN.LOCAL failed: Preauthentication
    >failed
    >[2007/08/29 15:49:24, 1] utils/net_ads.c1470)
    > error on ads_startup: Preauthentication failed
    >Failed to join domain: Logon failure
    >[2007/08/29 15:49:24, 2] utils/net.c1032)
    >
    >I have synced the time on the Samba box with my domain controller. Any
    >thoughts on what is wrong?


    On 9/3/07, Necos Secon wrote:
    >
    > So, just a few things to check:
    >
    > 1.) Typo's in the realm name.
    > 2.) Typo's in the krb5.conf file (I use heimdal)
    > 3.) Try running the net ads join with the administrator account (if you're
    > using another account).
    > 4.) Checking the the AD server to make sure that you don't have an old
    > machine account for the Samba machine.


    I've tried all this and still am having no luck. I don't believe it is
    an issue in krb5.conf because kinit and smbclient work properly. I
    just can't join it to the domain. Any other thoughts?
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread